Learn how to simulate a full-scale, high-value penetration test. The board game takes you through pen test methodology, tactics, and tools with many possible setbacks that defenders can utilize to hinder forward progress for a pen tester or attacker. The game helps you learn while you play. It's also a great way to showcase to others what pen testers do and how they do it.

Ever wonder if your Windows machines have been compromised, but don't know where to look to find the bad guys' presence? This cheat sheet is designed to help Windows administrators and security personnel to better execute and in-depth analysisof their system in order to look for signs of compromise. Each technique is covered from both a GUI and command-line perspective, acting as a nice bridge between these two important aspects of modern Windows machines. Some organizations print out and laminate these sheets, distributing them among their operations staff to help them better understand their systems and detect attackers in their midst.

Related Course

Organized along the same lines as the Windows cheat sheet, but with a focus on Linux, this tri-fold provides vital tips for system administrators and security personnel in analyzing their Linux systems to look for signs of a system compromise. Each command is described in detail, allowing users to search for unusual processes, network activity, strange files, unexpected cron jobs, and more.

Related Course

Many tools in a penetration tester's arsenal are designed to get command shell on vulnerable target machines. And, often, Windows machines are in the crosshairs, lacking critical patches or being run by click-happy users that blindly open files sent during a carefully scoped penetration test. But, what do you do on a Windows box once you get shell? These cheat sheets help pen testers master the Windows Command Line to exercise significant control over compromised Windows machines.

Related Course

Netcat is one of the most flexible tools in a pen tester's arsenal, but some penetration testers only scratch the surface of its capabilities. These cheat sheets describe the specific commands needed to use Netcat super effectively in penetration tests, including as an impromptu client, gender-bender relay, file transfer tool, banner grabber, port scanner, and more. If you think you know Netcat, check out this cheat sheet for even more devious uses of this remarkably powerful tool.

Related Course

This cheat sheet provides tips for maximizing the effectiveness of some of the most useful free tools available for penetration testers and vulnerability assessment personnel: Metasploit, Meterpreter, fgdump, and hping. The sheet is a handy reference with practical, hands-on, command-line oriented tips every penetration tester should know.

Related Course

When planning a penetration test, if you don't formulate rules of engagement properly, you'll end up with a low-value pen test at best. At worst, you may wind up in prison! With the goal of keeping professional penetration testers out of orange jump suits at the state penitentiary, this worksheet walks a tester through a series of questions to establish a firm set of agreed-upon rules to ensure an effective penetration test.

Related Course

Modern penetration tests can include a myriad of activities against a multitude of potential targets. Trying to hack everything or leaving something ultra-important out are a sure way to execution of a sub-optimal pen test. A penetration tester can use this worksheet to walk through a series of questions with the target system's personnel in order to help tailor a test's scope effectively for the given target organization.